Welcome to MRI Onlocation (OnLocation), an online people presence management service from MRI New Zealand Holdings Limited (“MRI”). This Master Subscription Agreement (“Agreement”) contains the terms which explain our obligations as a service provider and Your obligations as a customer. Please read them carefully along with our Data Processing Agreement, the OnLocation Mobile End User Agreement, Application Developer and API Agreement, Privacy Policy, and, if applicable, ANZ and GDPR Statements as these also form part of this Agreement.
You can download the Master Subscription Agreement here.
If You are a new Subscriber, then this Master Subscription Agreement will be effective as of 1 February 2023 (GMT). If You are an existing Subscriber, we are providing You with prior notice of these changes which will be effective as of 1 March 2023 (GMT). For a prior version of our Master Subscription Agreement, click here.
THIS AGREEMENT CONSTITUTES A BINDING CONTRACT BETWEEN US AND YOU AND GOVERNS YOUR (AND YOUR END USERS’) USE OF AND ACCESS TO THE SERVICES FROM THE MOMENT YOU CREATE AN ACCOUNT.
By accepting this Agreement, either by creating an account, accessing or using a Service, or authorising or permitting any End-User to access or use a Service, You agree to be bound by this Agreement. If You are entering into this Agreement on behalf of a company, organisation or another legal entity (an “Entity”), You are agreeing to this Agreement for that Entity and representing to MRI that You have the authority to bind such Entity and its Affiliates to this Agreement, in which case the terms “Subscriber,” “You,” “Your” or a related capitalised term herein shall refer to such Entity and its Affiliates. If You do not have such authority, or if You do not agree with this Agreement, You must not accept this Agreement and may not use any of the Services.
1. Definitions
When used in this Agreement with the initial letters capitalised, in addition to the terms defined elsewhere in this Agreement, the following terms have the following meanings:
“Account”
means any account created on the Site for Services, whether for trial or subscription purposes.
“Account Owner”
means the person who has the highest level of access to Your Account. By default this is the End-User who initially subscribed to use the Service and accepted the Master Subscription Agreement terms. The Account Owner can subsequently assign another End-User as the Account Owner. There can only be one Account Owner at any time. The Account Owner manages the Account level settings.
“Add-ons”
means any opt-in feature or function that requires independent activation by the Account Owner via the Add-ons management tool available on the Site.
“Administrator”
means any person granted Administrative rights by the Account Owner. Administrators manage Location level settings and can assign privileges to End-Users.
“Affiliate”
means, with respect to a Party, any entity that directly or indirectly controls, is controlled by, or is under common control with such Party, whereby “control” (including, with correlative meaning, the terms “controlled by” and “under common control”) means the possession, directly or indirectly, of the power to direct, or cause the direction of the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise. An example is a subsidiary of the Entity.
“Agreement”
means the terms and conditions detailed in this Master Subscription Agreement.
“API”
means an API and any accompanying or related documentation, source code, SDKs, executable applications, and other materials made available by MRI, including, without limitation, through its Onlocation API Documentation.
“Campus”
A Campus is a ‘Location’ (as defined below) but one which has ‘multiple’ buildings at the same address including universities, corporate campuses, business parks, and multi-facility manufacturing plants.
“Confidential Information”
includes all information exchanged between the parties to this Agreement, whether in writing, electronically or orally, including the Data entered into the Site by Your End-Users but does not include information which is, or becomes, publicly available other than through unauthorised disclosure by the other party.
“Customer”
means the organisation or person entered into the Organisation Name field in Your Account. Also referred to as the Subscriber.
“Customer Data”
means any data inputted by You, by Your End-Users, into the Site and/or our OnLocation mobile app including all text, sound, video, or image files, and software.
“Device”
means the mobile phone or other device that an OnLocation mobile app User downloads the OnLocation mobile app onto.
“End-User”
means any person or entity, which uses the Service with the authorisation of an Administrator from time to time.
“Geo-fenced Location”
means the virtual perimeter around a real-world geographic point created by You in your OnLocation account.
“Geolocation”
means the approximate location of the OnLocation mobile app user which is determined using Location Services or a Vehicle (which has a GPS device enabled).
“Guest”
means any non-employee of Your organisation; for example, a visitor or contractor.
“Important Notices”
means a notification sent by an Administrator to End Users from the Site. Important Notices can be sent to the recipient’s email, or as a sms (text), or as a Push Notification to the OnLocation mobile app Users. If the recipient is a visitor then the Important Notice can be displayed to them as they sign in or out of a Location via a kiosk. There are two types of Important Notices:
- Instant Messages: Are sent to recipients and are informational notices only and do not require any ‘acknowledgment’ of having been read.
- Acknowledgment Notices: Are sent to recipients and do require an ‘acknowledgment’ by the recipient.
“Integrations”
means any opt-in feature or function that requires independent activation by the Account Owner via the Integrations management tool available on the Site. Your use of a third-party integration may require You to agree to the third-party’s terms of use before being able to use that integration.
“Intellectual Property Right”
means any patent, trademark, service mark, copyright, moral right, right in a design, know-how and any other intellectual or industrial property rights, anywhere in the world whether or not registered.
“Location”
means a physical location where You carry out Your tasks and responsibilities. Locations are normally described as workplaces like Head Office, a warehouse, a school, a distribution centre, etc… but can be non-workplaces. For multiple buildings at one location see “Campus”.
“Location Access Control Point”
means a physical place within a location where people sign themselves into and out of. For example: Main Reception, Warehouse Entrance, Security Gate 1 etc…
“Location Services”
means those user-requested services accessible from the OnLocation mobile app User’s Device by the OnLocation mobile app which uses information from cellular, Wi-Fi, and Global Positioning System (GPS) networks to determine a User’s approximate location if they request it using the opt-in functions on the OnLocation mobile app.
“MRI”
“We”, “Us” or “Our”: means MRI as defined below. MRI means: MRI New Zealand Holdings Limited which is a registered company incorporated in Wellington, New Zealand or any of its successors or assignees. MRI is a wholly own subsidiary of MRI Software, LLC.
“OnEvac”
means MRI’s mobile evacuation management app. Nominated users can perform a range of functions depending on the need at the time of the evacuation:
- Verify the location’s zone (s) is clear
- Verify the safety of people using the roll-call tool
- Send an SMS requesting people to confirm they are safe.
- Chat with other users
- View a post-evacuation report
“OnLocation mobile app”
means MRI’s free mobile application for Your employees, service providers, and other users.
“OnLocation mobile app End User Agreement”
means the agreement regulating the relationship between MRI and the OnLocation mobile app User in respect of their access to and use of the OnLocation mobile app, available here.
“OnLocation mobile app Features”
means the features and functions of the OnLocation mobile app described here, which may include the ability:
- for the OnLocation mobile app Users to manually tag themselves in and out of a Location created in your Account.
- for You to add a Geo-fence around a Location;
- by enabling Locating Services and Push Notifications the OnLocation mobile app Users can be prompted to tag themselves in and out of a Geo-fenced Location as they enter and exit the Geo-fence, or be automatically tagged in or out of a Geo-fenced location; or
- for the OnLocation mobile app Users to receive Important Notices.
“OnLocation mobile app User”
means any person who:
- has been authorisation by You to have access to the OnLocation mobile app; and
- has agreed to be bound to the OnLocation Mobile App End User Agreement.
“Payment Frequency”
means the frequency by which You have nominated to pay Your Subscription; this being monthly or yearly in advance.
“Privacy Policy”
means the privacy policy found at https://mrisoftware.com/ie/onlocation-privacy-policy/
“Push Notification”
means a notification sent by an End-user to the Onlocation mobile app Users that pops up on the OnLocation mobile app. Push Notifications can be in the form of Important Notices or as a visitor arrival notification. Where SMS (text) messages incur a fee, push notifications and email notices are free.
“Reseller”
means any authorised third-party channel partner or referrer from whom you procure a subscription to the Service.
“Service”
means MRI OnLocation, the online people presence management services made available (as may be changed or updated from time to time by MRI) via the Site, other web pages designated by OnLocation Add-ons and Integrations including, individually and collectively, the applicable Software, Updates, API and Documentation, and our OnLocation mobile app.
“Sign-in”
means a Guest or Employee signing into a Location using the people presence management tools available in the Service for the purpose of registering their presence on-site.
“Site”
means the application Internet sites operated by MRI and identified by the URL Domain whosonlocation.com.
“SMS”
means ‘Short Message Service’ and is also commonly referred to as a “text message”. OnLocation uses SMS (text) notifications in many areas of its service including, but not limited to, visitor arrival notifications, evacuation management notifications, and trigger notifications. With a SMS, you can send a message of up to 160 characters to another device. Longer messages, those exceeding 160 characters, will automatically be split up into several parts. So a 200 character SMS will consist of 2 parts. A 325-character SMS consists of 3 parts etc…
“SMS Credits”
Each Subscription Plan includes a limited number of SMS Credits. SMS credits are redeemed when SMS (text) messages are sent. 1 credit is redeemed (debited) from your SMS credits balance for every 160-character part sent. Credits are sold in ‘Packs’ and one Pack is 1000 SMS Credits.
“SMS Fees”
If you use more than the included SMS Credits in your Plan (s) additional SMS Charges will apply. You can choose not to use SMS services or suspend them. Current SMS Fees are published on our website.
“Subscriber”, “You” or “Your”
means the person or entity that Subscribed to use the Service and is agreeing to this Agreement, as specified in the “organisation” field on the Account . A Subscriber may be an End-User.
“Subscription Fees”
means the subscription fees and any other fees or charges for any Add-ons or Integrations applicable to Your Subscription Plan, as detailed on the Site or otherwise notified to You by Us, or if applicable, the Reseller from who you procured your Subscription Plan.
“Subscription Plan”
means the Service plan (including any Add-ons, Integrations or other benefits included in such plan) for which You subscribe with respect to each Location, and the functionality and services associated with that plan (as detailed on the Site or otherwise notified to you by Us or the Reseller from whom you procured your Subscription Plan, as applicable).
“Subscription Term”
means the period during which You have agreed to subscribe to the Service. Your Subscription Term will commence at the time that You create Your Account (unless You are eligible for (and elect to access) a Trial, in which case Your Subscription Term will commence at the end of Your Trial Period) and will end when Your Agreement with Us is terminated pursuant to clause 22.
“Trial Period”
means, if available, a free, no obligation period in which You have to evaluate and trial the Service or an Add-on. A Trial Period will normally last 30 days.
“You”
means the Subscriber, and where the context permits, the Account Owner or an End User. “Your” has a corresponding meaning.
2. Parties and this relationship
2.1. When you create an Account, You will gain free access to a trial of the Service for a Trial Period, unless a Trial Period is not offered with Your Subscription Plan. A Trial Period may not be offered with certain Subscription Plans as it will not be relevant or appropriate in the context of other rights or benefits You receive from Us or a Reseller as part of that plan.
2.2. From time to time one of our Resellers may bundle its product or service with an OnLocation Subscription Plan. When you purchase the Reseller’s product or service You will enter into a contract with the Reseller. However, You will also need to register with MRI either directly or via our Reseller for an OnLocation Subscription Plan and create or activate an Account (pursuant to this Agreement) and accept the terms of this Agreement.
3. Scope and Intent
These Terms are binding on any use of the Service (including where you have procured your Subscription Plan from a Reseller) and apply to You from the time that You first access the Service. You are deemed to have agreed to these Terms on behalf of any entity for whom you use the Service.
The Service includes any upgrades, modified versions, updates to the Site developed by us, and the Helpdesk.
The Service will evolve over time based on user feedback. MRI reserves the right to change these Terms at any time, effective upon the posting of modified Terms of Use and MRI will make every effort to communicate these changes to You via email or notification via the Site. It is Your obligation to ensure that You are aware of any updated terms available on the Site.
This Agreement includes our Data Processing Agreement, the OnLocation mobile app End User Agreement, Application Developer and API Agreement, Privacy Policy, ANZ Privacy Statement (if applicable), GDPR Statement (if applicable), which are accessible in the footer of the Site on the Login screen, and which are hereby incorporated by reference (collectively referred to as the “Agreement”) and You agree to be bound by all of the provisions.
4. Purpose of Service
The safety and security of people and assets starts with knowing who is on-site. The purpose of OnLocation is to keep people and assets safe by giving organisations real-time visibility of who is authorised access to their sites, who is coming on-site, who is actually on-site, and who was on-site. We aim to do this in a way that’s simple, smart and secure.
5. Access to Service
MRI grants You the right to access and use the Service via the Site with the particular user roles available to You according to Your Subscription Plan. This right is non-exclusive, non-transferable, and limited by and subject to this Agreement. You acknowledge and agree that:
- the Account Owner determines who is an End User with Administrator user role access at all times and can revoke or change an Administrator’s access, or level of access, at any time and for any reason, in which case that person or entity will cease to be an Administrator or shall have that different level of access, as the case may be;
- the Administrator (s) determines who is an End User with non-Administrator user role access at all times and can revoke or change an End User’s access, or level of access, at any time and for any reason, in which case that person or entity will cease to be an End User or shall have that different level of access, as the case may be;
- the Administrator(s) determines who is an OnLocation mobile app User at all times and can revoke or change an OnLocation mobile app User’s access to the OnLocation mobile app at any time and for any reason, in which case that person will cease to be an OnLocation mobile app User.
6. Trial Policy
6.1. When you create an Account, You will gain free access to a trial of the Service for a Trial Period, unless a Trial Period is not offered with Your Subscription Plan. A Trial Period may not be offered with certain Subscription Plans as it will not be relevant or appropriate in the context of other rights or benefits You receive from Us or a Reseller as part of that plan.
6.2. During Your Trial Period You will have full access to all training, demo, and support services. We don’t require a credit card during the Trial Period, so You can try these services obligation-free.
6.3. At any time during or prior to the commencement of Your Trial Period, You may elect to use, or continue using, our services as a subscribed customer. In which case:
6.3.1. our Support team will confirm Your Subscription Plan and You must pay Your Subscription Fees in accordance with clause 8 below from the commencement of Your Subscription Term (Your Subscription Term will only commence at the end of the Trial Period, irrespective of your earlier election to become a subscribed customer).
6.3.2. if you elect to become a subscribed customer during your Trial Period, then Your trial Account will become your permanent Account (all of your customisations, data, and actions remain intact).
6.4. if you elect to become a subscribed customer during your Trial Period, then Your trial Account will become your permanent Account (all of your customisations, data, and actions remain intact).
6.5. At the end of Your Trial Period, We will email you to advise You that Your trial has ended. This email will ask You to confirm whether you wish to continue as a subscribed customer. If yes, then:
6.5.1. our Support team will confirm Your Subscription Plan and You must pay Your Subscription Fees in accordance with clause 8 below from the commencement of Your Subscription Term.
6.5.2. Your trial Account will become your permanent Account (all of your customisations, data, and actions remain intact).
6.6. If you decide not to proceed to becoming a subscribed customer, your Account will be terminated and all Your Customer Data will be deleted.
6.7. We reserve the right to terminate Your Trial at any time if we suspect Your intentions for trialling OnLocation are not for the intended purpose of our Service.
7. Subscription Plans
7.1. About Subscription Plans
You can choose the Subscription Plan that best meets your requirements. There are various Subscription Plans published on our Site to choose from.
7.2. Grandfathered Subscription Plans
Any Location in your Account on the Starter Plan prior to 1 August 2017 will be grandfathered on that Starter Plan as long as the Location linked to that Subscription Plan does not breach the annual Guest Sign-in limits for the Starter Plan (Guest 1,000 p.a and Employee 12,000 p.a) or until Your account terminates.
With the exception of Locations on our Starter Plan prior to August 2017 (as described above) any other Location in your account on any Subscription Plan prior to 1 March 2022 will remain on that current Subscription Plan (s) pricing until Your first annual anniversary following 28 February 2024, when you will be migrated to the Subscription Plans published on our Site at the time of Your renewal.
7.3. Downgrade and Upgrade
You can upgrade or downgrade your Subscription Plan for any Location anytime. MRI reserves the right to review Your Subscription Plan anytime and if Your annual Guest and/or Employee sign-in count exceeds Your current Plan, You must upgrade to a Plan that meets Your requirements.
8.Your Obligations
8.1. Payment obligations
8.1(a) Invoicing by Reseller
If you have procured Your Subscription Plan from a Reseller (as per clause 2.2 of this Agreement) and, pursuant to Your contract with the Reseller, You have agreed to make payment of Your Subscription Fees directly to the Reseller, the Reseller will invoice You for Your Subscription Fees in accordance with the payment terms agreed between You and the Reseller. Clause 8.1(b) below will not apply to You unless You renew Your Subscription Plan with Us or subscribe to an opt-in Add-on and that Add-on has an additional Subscription Plan.
8.1(b) Invoicing by MRI
Unless clause 8.1(a) applies to Your Subscription Plan, an invoice for Your Subscription Fees will be issued by Us at the frequency nominated by You (Monthly or Yearly). Subscription Fees will be payable for Your entire Subscription Term.
When paying by Credit Card
- If You wish to pay monthly, We require payment by credit card.
- If You wish to pay annually You can pay on invoice by credit card or, bank transfer if Your account meets Our bank transfer eligibility criteria.
When paying by Bank Transfer
We accept payment by bank transfer on invoice:
- If Your monthly or annual invoice exceeds NZD$250.00, AUD$250.00, CAD$250.00, USD$195.00, GBP£145.00, EUR€160.00 excluding taxes.
Your Subscription Plan includes a limited number of SMS Credits. Once these included SMS Credits are used, should You continue to use our SMS services, You agree to pay for any additional SMS Credits used. Your SMS Credits balance is available to Account Owners, within the application, under Tools | Account | SMS Status.
All MRI invoices will be sent to the Billing Contact whose details are provided by You and recorded under the ‘Account’ / ‘Billing Details’ section of the Account Owners Tools. You must pay or arrange payment of all amounts specified in any invoice by the due date for payment and are payable within 10 days of the invoice date. You are responsible for payment of all taxes and duties in addition to Your Subscription Fees.
8.1(c) SMS Credits
Your Subscription Plan includes a limited number of SMS Credits. Once these included SMS Credits are used, should You continue to use our SMS services, You agree to pay for any additional SMS Credits used. Your SMS Credits balance is available to Account Owners, within the application, under Tools | Account | SMS Status.
8.2. Preferential pricing or discounts
You may from time to time be offered preferential pricing or discounts for the Subscription Plans as a result of the number of Locations that You have added to the Service or that have been added with Your authority or as a result of Your use of the Service. Eligibility for such preferential pricing or discounts is conditional upon Your acceptance of responsibility for payment of any Subscription Plans in relation to all of Your Locations. Without prejudice to any other rights that MRI may have under these Terms or at law, MRI reserves the right to render invoices for the full (non-discounted) Subscription Plans due or suspend or terminate Your use of the Service in respect of any or all of Your locations in the event that any invoices for those Subscription Plans are not paid in full by the due date for payment.
8.3. General obligations
You must only use the Service and Site for Your own lawful internal business purposes, in accordance with these Terms and any notice sent by MRI or condition posted on the Site. You may use the Service and Site on behalf of others or in order to provide services to others but if You do so You must ensure that You are authorised to do so and that all persons for whom or to whom services are provided comply with and accept all Terms of this Agreement that apply to You.
8.4. Access conditions
8.4.1. You must ensure that all usernames and passwords required to access the Service are kept secure and confidential. You must immediately notify MRI of any unauthorised use of Your passwords, or any other breach of security and MRI will reset Your password and You must take all other actions that MRI reasonably deems necessary to maintain or enhance the security of MRI’s computing systems and networks and Your access to the Services.
8.4.2. As a condition of this Agreement, when accessing and using the Services, You must:
- not attempt to undermine the security or integrity of MRI’s computing systems or networks or, where the Services are hosted by a third party, that third party’s computing systems and networks;
- not use, or misuse, the Services in any way which may impair the functionality of the Services or Site, or other systems used to deliver the Services or impair the ability of any other user to use the Services or Site;
- not attempt to gain unauthorised access to any materials other than those to which You have been given express permission to access or to the computer system on which the Services are hosted;
- D. not transmit, or input into the Site, any: files that may damage any other person’s computing devices or software, content that may be offensive, or material or Data in violation of any law (including Data or other material protected by copyright or trade secrets which You do not have the right to use); and
- not attempt to modify, copy, adapt, reproduce, disassemble, decompile or reverse engineer any computer programs used to deliver the Services or to operate the Site except as is strictly necessary to use either of them for normal operation.
8.5. Usage Limits
Use of the Service may be subject to limitations, including but not limited to monthly people transaction volumes (Sign-ins) You are permitted to make against OnLocation’s application programming interface. Any such limitations will be defined under your Subscription Plan.
8.6. Communication Conditions
As a condition of these Terms, if You use any communication tools available through the Site (such as any forum, chat room or message center), You agree only to use such communication tools for lawful and legitimate purposes. You must not use any such communication tool for posting or disseminating any material unrelated to the use of the Services, including (but not limited to): offers of goods or services for sale, unsolicited commercial e-mail, files that may damage any other person’s computing devices or software, content that may be offensive to any other users of the Services or the Site, or material in violation of any law (including material that is protected by copyright or trade secrets which You do not have the right to use).
When You make any communication on the Site, You represent that You are permitted to make such communication. MRI is under no obligation to ensure that the communications on the Site are legitimate or that they are related only to the use of the Services. As with any other web-based forum, You must exercise caution when using the communication tools available on the Site. However, MRI does reserve the right to remove any communication at any time in its sole discretion.
8.7. Indemnity
8.7.1. You indemnify MRI against all claims, costs, damage and loss solely arising from Your breach of any of these Terms or any obligation You may have to MRI, including (but not limited to) any costs relating to the recovery of any Subscription Plans that are due but have not been paid by You.
8.7.2. You are not liable to us under clause 8.7.1 for any:
- loss of profit; or
- consequential, indirect, incidental or special damage or loss of any kind.
8.7.3. Clause 8.7.2 does not apply to limit your liability:
- for any actual or alleged claim by a third party that any Customer Data infringes the rights of that third party (including Intellectual Property Rights and privacy rights) or that the Data is incorrect, misleading, objectionable, defamatory, obscene, harassing, threatening, or unlawful in any way;
- for personal injury, death, fraud or wilful misconduct;
- to pay the Subscription Plans and any recovery costs that MRI or a Referrer (as applicable) incurs in relation to unpaid Subscription Plans; or
- for a breach of clause 15.1.
9. Help Desk
MRI operates an online helpdesk to administer user enquiries. You can access the Helpdesk via the Site.
In the case of technical problems, You must make all reasonable efforts to investigate and diagnose problems before contacting MRI. If You still need technical help, please check the support provided:
- Online helpdesk https://helpdesk.whosonlocation.com (available 24 x 7 x 365)
- Email: support@whosonlocation.com
- Worldwide: +64 4 891 0886
- Australia: 1300 106 541
- United States / Canada: 1 800 501 1761
- United Kingdom / EU: +44 808 196 0991
10. Subscription Plan Reviews
Any adjustment to Your Subscription Plan must be issued in writing to You at least 30 days prior to the commencement of that fee adjustment. Any adjustment to Your Subscription Plan will not apply until Your next Subscription renewal.
11. Opt-in Add-ons, Integrations, and Subscription Fees
In the event we introduce new Add-ons or Integrations (Features) that we feel require the introduction of a new fee for that respective new Feature’s use; we will advise You, as per our Service Level Commitment detailed in Clause 13.2, 5 days prior to the new Feature being released in the Application. You are not obligated to accept or activate any new Feature or service that requires the introduction of a new fee.
11.1. The OnLocation mobile app
Features
11.1.1. The OnLocation mobile app is a free-to-download mobile application and optional Integration application. Some of the OnLocation mobile app features are dependent on:
- The capabilities of the Device, and the OnLocation mobile app User is solely responsible for the installation and configuration of the OnLocation mobile app on the Device.
- You enabling the OnLocation mobile app User’s access to that Feature, and You are solely responsible for determining which Features the OnLocation mobile app User will have access to;
- You activating certain Features, for example You are solely responsible for creating Geo-fenced Locations;
- the OnLocation mobile app User enabling that Feature for the OnLocation mobile app on the Device, for example the OnLocation mobile app User has the ability to turn on or off Location Services and Push Notifications for the OnLocation mobile app on the Device;
- Your and the OnLocation mobile app User’s connection to the internet;
- Certain third-party providers and the availability of their products and services, for example Location Services uses a combination of cellular, Wi-Fi, and GPS to determine the OnLocation mobile app User’s location, all of which may be subject to:
- the OnLocation mobile app User’s location when using the OnLocation mobile app, for example if they are not within a clear line of sight of GPS satellites, or the Device cannot determine their location using crowd-sourced Wi-Fi and cell towers then their location may not be identified; and
- changes by those third parties,
accordingly, such Features may be modified or limited.
11.1.2. We do not safeguard an interruption-free and latency-free end-to-end connection between You and the OnLocation mobile app User, or take any responsibility for accurately determining the OnLocation mobile app User’s location, which is primarily a function of the OnLocation mobile app User’s Device.
Rights
11.1.3. We will grant the OnLocation mobile app Users a non-exclusive, non-transferable, non-sublicensable, and revocable right to access and use the OnLocation mobile app within the limits specified in this Agreement and the OnLocation mobile app End User Agreement.
11.1.4. The OnLocation mobile app End User Agreement does not grant to you any rights to use any other products and/or services of MRI.
11.1.5. The OnLocation mobile app shall only be accessible to the OnLocation mobile app Users. If the employee or contractor that You request We provide the OnLocation mobile app access to does not agree to the terms of the OnLocation mobile app End User Agreement, then that person must not access the OnLocation mobile app.
11.1.6. Without detracting from any other provision of this Agreement, You agree that You are responsible for any breach of this Agreement by the OnLocation mobile app Users.
11.1.7. Where any provision of this Agreement is inconsistent with any provision of this the OnLocation mobile app End User Agreement then:
- as it relates to the OnLocation mobile app User’s access to and use of the OnLocation mobile app, the terms of the OnLocation mobile app End User Agreement shall prevail (but only to the extent of the inconsistency); and
- as it relates to Your access to and use of the OnLocation mobile app, the terms of this Agreement shall prevail (but only to the extent of the inconsistency).
11.2. OnEvac
Is a free Mobile app and Add-on that allows users to verify the safety of employees, visitors, and service providers in the event of an evacuation. A feature of OnEvac is ‘SMS Verify’ whereby the OnEvac user can activate an SMS message to be sent to employees, and Guests (recipients) requesting they respond to confirm they are safe. The cost of sending this SMS message to recipients is as per the SMS Fees detailed on our website. Depending on the recipient’s mobile/cellular phone carrier the carrier may charge the recipient for both receiving the initial SMS from OnEvac and subsequently responding.
12. Service Availability
Whilst we intend that the Service should be available 24 hours a day, seven days a week, it is possible that on occasions the Service or Site may be unavailable to permit maintenance or other development activity to take place.
We have achieved 99.9% availability each year since the Service was first activated in 2012. For clarification 99.9% up-time equals 8 hours, 45 minutes, and 57 seconds of downtime per year. Availability in the last 12 months has been 99.99%.
(This statistic was last updated on 1 April 2022 and can be reviewed in real-time at http://status.whosonlocation.com/)
Force Majeure: We are not responsible for the Service being unavailable where the cause of the event is outside of our control. Such events include, but are not limited to, Acts of God, Terrorism, Earthquake, Flood, Internet Outage, Power Failure, or any other Force Majeure event.
If for any reason we have to interrupt the Service for longer periods than we would normally expect, we will use reasonable endeavours to publish in advance details of such activity on the Site login screen, and via updates through our social media channels.
13. Service Level Commitments
We will advise You via one, some, or all of the following channels:
- The login screen message board
- Email to Administrators and Subscribers
- Status Page: http://status.whosonlocation.com/
13.1. Unplanned Outages
As soon as practicable of any unplanned outage that occurs We will keep you updated every 30 minutes until availability is restored. Updates will be communicated via one, some, or all of the channels above.
13.2. New Feature Releases and Updates
We will endeavour to advise of any Feature release or Update prior to the release of that new feature or update but no later than 72 hours after the release.
We release new features during non-business hours and with as little disruption to users as possible.
13.3. Delays
We will advise You 2 Days in Advance via one, some, or all of the channels listed above with revised delivery dates before the scheduled release.
13.4. Support
If you contact our Helpdesk team on support@whosonlocation.com, we will provide:
- Acknowledgement within 6 hours of your customer support request
- Resolution or update within 24 hours of your request
- On-going updates as needed
13.5. Availability | Uptime:
Our Service Level Agreement Commitment for availability | Uptime is 99.9% per month | per annum which equates to downtime of:
- Monthly: 43m 49.7s
- Yearly: 8h 45m 57.0s
14. Service Level Commitment Breach
14.1. Service Credits
We provide financial backing to our commitment to achieve and maintain Service Levels. If we do not achieve and maintain the Service Levels as described in this Service Level Commitment (SLC), then you may issue a claim for free extensions to your current Subscription Term by sending an email to support@whosonlocation.com.
14.1.1. Credit for breach of Service Level Commitments 13.1 to 13.4 One free month extension to your current Subscription Term.
One free month extension to your current Subscription Term.
14.1.2. Credit for breaching Service Level Commitment 13.5; Availability | Uptime:
| Monthly Uptime Percentage | Subscription Plan Credit |
| < 99.9% | 1 Month Free Subscription Added to your current Term across all Locations |
| < 99.5% | 2 Months Free Subscription Added to your current Term across all Locations |
| < 98% | 3 Months Free Subscription Added to your current Term across all Locations |
14.2. Credit Exclusions
Downtime is the total minutes in a month during which the aspects of a Service is unavailable. Scheduled Downtime and unavailability of a Service, due to limitations such as the failure of a Customer’s hardware, or the Customer’s ISP failure, or any Force Majeure event are not eligible in the calculation.
15. Confidentiality and Privacy
15.1. Confidentiality
Unless the relevant party has the prior written consent of the other or unless required to do so by law:
15.1.1. Each party will preserve the confidentiality of all Confidential Information of the other obtained in connection with these Terms. Neither party will, without the prior written consent of the other, disclose or make any Confidential Information available to any person, or use the same for its own benefit, other than as contemplated by these Terms.
15.1.2. Each party’s obligations under this clause will survive termination of these Terms.
15.1.3. The provisions of clauses 15.1.1 and 15.1.2 shall not apply to any information which:
- is or becomes public knowledge other than by a breach of this clause;
- is received from a third party who lawfully acquired it and who is under no obligation restricting its disclosure;
- is in the possession of the receiving party without restriction in relation to disclosure before the date of receipt from the disclosing party; or
- is independently developed without access to the Confidential Information.
15.2. Privacy
MRI maintains a Privacy Policy that sets out the parties’ obligations in respect of personal information. You should read that policy as well as our GDPR Statement (available on our Website and in the footer of the Service login screen), and if you are an Australian or New Zealand customer, our ANZ Policy Statement and You will have taken to accepted that policy when You accept these Terms.
Our policy is to respect and protect the privacy of our users. This policy statement tells You how we collect information from You and how we use it. We follow five core principles of privacy protection in the operation of its Application:
- Notice/Awareness of MRI’ information practices
- Choice/Consent to provide information
- Access/Participation to/in Your own data
- Integrity/Security of the Data Collected
- Enforcement/Redress through self-regulation.
15.3. Customer Data
15.3.1. You acknowledge that:
- MRI may require access to the Customer Data to exercise its rights and perform its obligations under these Terms; and
- to the extent that this is necessary but subject to clause 15.1, MRI may authorise its officers, and employees to access the Customer Data for this purpose.
15.3.2. You must arrange all consents and approvals that are necessary for MRI to access the Customer Data as described in clause 15.3.1.:
15.3.3. You acknowledge and agree that to the extent Customer Data contains personal information, in collecting, holding and processing that information through the Service, MRI is acting as an agent of yours for the purposes of applicable privacy law. You must obtain all necessary consents from the relevant individual to enable MRI to collect, use, hold and process that information in accordance with these Terms.
16. Disclosure of Customer Data following Government Demand
MRI adheres to the same principles for all requests from government agencies for user data, requiring governmental entities to follow the applicable laws, rules and procedures for requesting customer data. MRI does not provide any government with direct and unfettered access to our customers’ data, and we do not provide any government with our encryption keys or the ability to break our encryption. If a government wants customer data, it needs to follow applicable legal process – meaning, it must serve us with a warrant or court order for content or a subpoena for subscriber information or other non-content data.
We require that any requests be targeted at specific accounts and identifiers. MRI’s compliance team reviews government demands for user data to ensure the requests are valid, rejects those that are not valid, and only provides the data specified in the legal order.
Unless the warrant or court order prohibits disclosure to You, upon receipt of any third party request for Customer Data, MRI will promptly notify Customer. If MRI is not required by law to disclose the Customer Data, MRI will reject the request. If the request is valid and MRI could be compelled to disclose the requested information, MRI will attempt to redirect the third party to request the Customer Data from Customer.
17.Data Protection and Security
MRI is committed to helping protect the security of Customer’s information. We have implemented and will maintain and follow appropriate technical and organisational measures intended to protect Customer Data against accidental, unauthorised or unlawful access, disclosure, alteration, loss, or destruction.
| Domain | Practise |
| Organisation of Information Security | Security Ownership. MRI has appointed one or more security officers responsible for coordinating and monitoring the security rules and procedures. Security Roles and Responsibilities. MRI personnel with access to Customer Data are subject to confidentiality obligations. |
| Asset Management | Asset Inventory. MRI maintains an inventory of all media on which Customer Data is stored. Access to the inventories of such media is restricted to MRI personnel authorised in writing to have such access. Asset Handling
|
| Human Resources Security | Security Training. MRI informs its personnel about relevant security procedures and their respective roles. MRI also informs its personnel of possible consequences of breaching the security rules and procedures. MRI will only use anonymous data in training. |
| Physical and Environmental Security | Facilities Overview.
Protection from Disruptions. MRI uses a variety of industry standard systems to protect against loss of data due to power supply failure or line interference. |
| Communications and Operations Management | Operational Policy. MRI maintains security documents describing its security measures and the relevant procedures and responsibilities of its personnel who have access to Customer Data. Data Recovery Procedures
Event Logging. MRI logs access and use of information systems containing Customer Data, registering the access ID, time, authorisation granted or denied, and relevant activity. |
| Access Control | Access Policy. MRI maintains a record of security privileges of individuals having access to Customer Data. Access Authorisation
Least Privilege
Integrity and Confidentiality
Authentication
Network Design. MRI has controls to avoid individuals assuming access rights they have not been assigned to gain access to Customer Data they are not authorised to access. |
| Information Security Incident Management | Incident Response Process
|
| Business Continuity Management |
|
| Third-Party Penetration Testing | Security Assessments MRI tests all code for security vulnerabilities before release, and regularly scans our network and systems for vulnerabilities. Third-party assessments are also conducted regularly against OWASP and other global standards. Testing includes:
|
18. Security Incident Notification
If MRI becomes aware of any unlawful access to any Customer Data stored on MRI’s equipment or in MRI’s facilities, or unauthorised access to such equipment or facilities resulting in loss, disclosure, or alteration of Customer Data (each a “Security Incident”), MRI will promptly:
- Notify Customer of the Security Incident;
- Investigate the Security Incident and provide Customer with detailed information about the Security Incident; and
- Take reasonable steps to mitigate the effects and to minimise any damage resulting from the Security Incident.
Notification(s) of Security Incidents will be delivered to one or more of Customer’s administrators by any means MRI selects, including via email. It is Customer’s sole responsibility to ensure Customer’s administrators maintain accurate contact information on their MRI account profile. MRI’s obligation to report or respond to a Security Incident under this section is not an acknowledgement by MRI of any fault or liability with respect to the Security Incident.
Customer must notify MRI promptly about any possible misuse of its accounts or authentication credentials or any security incident related to MRI.
19. Intellectual Property
19.1. General
This Subscription is not a sale. Title to, and all Intellectual Property Rights in the Services, the Site and any documentation relating to the Services remain the property of MRI (or its licensors).
19.2. Ownership of Data
Title to, and all Intellectual Property Rights in, the Data remain Your property. However, Your access to the Data is contingent on full payment of the MRI OnLocation Subscription Plan when due. You grant MRI a licence to use, copy, transmit, store, and back-up Your information and Data for the purposes of enabling You to access and use the Services and for any other purpose related to provision of services to You. In the event of Termination of your account you can, as per Clause 22.7, download a copy of Your Data.
19.3. Backup of Data
MRI adheres to its best practice policies and procedures to prevent data loss, including a daily system data back-up regime, but does not make any guarantees that there will be no loss of Data.
19.4. Third-party applications and Your Data
If You enable third-party applications for use in conjunction with the Services, You acknowledge that MRI may allow the providers of those third-party applications to access Your Data as required for the interoperation of such third-party applications with the Services. MRI shall not be responsible for any disclosure, modification or deletion of Your Data resulting from any such access by third-party application providers.
20. Warranties and Acknowledgements
20.1. Authority
You warrant that where You have registered to use the Service on behalf of another person, You have the authority to agree to these Terms on behalf of that person and agree that by registering to use the Service You bind the person on whose behalf You act to the performance of any and all obligations that You become subject to by virtue of these Terms, without limiting Your own personal obligations under these Terms.
20.2. Acknowledgement: You acknowledge that
20.2.1. You are authorised to use the Services and the Site and to access the information and Data that You input into the Site, including any information or Data input into the Site by any person You have authorised to use the Service. You are also authorised to access the processed information and Data that is made available to You through Your use of the Site and the Services (whether that information and Data is Your own or that of anyone else).
20.2.2. MRI has no responsibility to any person other than You and nothing in this Agreement confers, or purports to confer, a benefit on any person other than You. If You use the Services or access the Site on behalf of or for the benefit of anyone other than Yourself (whether a body corporate or otherwise) You agree that:
- You are responsible for ensuring that You have the right to do so;
- You are responsible for authorising any person who is given access to information or Data, and You agree that MRI has no obligation to provide any person access to such information or Data without Your authorisation and may refer any requests for information to You to address; and
- You will indemnify MRI against any claims or loss relating to MRI’s refusal to provide any person access to Your information or Data in accordance with these Terms: MRI’s making available information or Data to any person with Your authorisation.
20.2.3. The provision of, access to, and use of, the Services are on an “as is” basis and at Your own risk.
20.2.4. MRI does not warrant that the use of the Service will be uninterrupted or error free. Among other things, the operation and availability of the systems used for accessing the Service, including public telephone services, computer networks and the Internet, can be unpredictable and may from time to time interfere with or prevent access to the Services. MRI is not in any way responsible for any such interference or prevention of Your access or use of the Services.
20.2.5. It is Your sole responsibility to determine that the Services meet the needs of Your business and are suitable for the purposes for which they are used.
20.3. No warranties
MRI gives no warranty about the Services. Without limiting the foregoing, MRI does not warrant that the Services will meet Your requirements or that it will be suitable for any particular purpose. To avoid doubt, all implied conditions or warranties are excluded in so far as is permitted by law, including (without limitation) warranties of merchantability, fitness for purpose, title and non-infringement.
20.4. Consumer guarantees
You warrant and represent that You are acquiring the right to access and use the Services for the purposes of a business and that, to the maximum extent permitted by law, any statutory consumer guarantees or legislation intended to protect non-business consumers in any jurisdiction does not apply to the supply of the Services, the Site or these Terms.
21. Limitation of Liability
21.1. To the maximum extent permitted by law, we exclude all liability and responsibility to You (or any other person) in contract, tort (including negligence), or otherwise, for any consequential loss or damage (including loss of profits and savings) resulting, directly or indirectly, from any use of, or reliance on, the Service or Site.
21.2. Subject to clauses 21.3 below, if You suffer loss or damage as a result of our negligence or failure to comply with these Terms, any claim by You against us arising from our negligence or failure will be limited in respect of any one incident, or series of connected incidents, to the Subscription Fees paid by You in the previous 12 months. If You are not satisfied with the Service, Your sole and exclusive remedy is to terminate these Terms in accordance with Clause 22.
21.3. This clause 21 does not apply to limit our liability for personal injury, death, fraud or wilful misconduct.
22. Termination
22.1. Non-Good Faith Rights to Terminate
If for any reason we suspect You have no intention of becoming a subscribed user or, after becoming a subscribed user have reason to suspect you are a competitor with no Good Faith intention of using the Services for its intended Purpose, we reserve the right to terminate Your Account without prejudice immediately.
22.2. Prepaid Subscription Plans
MRI will not provide any refund for any remaining prepaid Subscription Fees for a pre-paid Subscription Plan.
22.3. No-Fault Termination
Either Party may elect to terminate Your Account and subscription to a Service as of the end of Your then current Subscription Term by providing notice, in accordance with this Agreement, on or prior to the date thirty (30) days preceding the end of such Subscription Term. Unless Your Account and subscription to a Service is so terminated, Your subscription to a Service will renew for a Subscription Term equivalent in length to then expiring Subscription Term.
Unless agreed otherwise in writing, the Subscription Fees applicable to Your Subscription Plan for any such subsequent Subscription Term shall be Our standard Subscription Charges for the Subscription Plan to which You have subscribed or which You have deployed, as applicable, as of the time such subsequent Subscription Term commences.
22.4. Accrued Rights:
Termination of these Terms is without prejudice to any rights and obligations of the parties accrued up to and including the date of termination. On termination of this Agreement You will:
- remain liable for any accrued Subscription Fees and other charges or amounts which become due for payment before or after termination; and
- Immediately cease to use the Services and the Site.
22.5. Expiry or termination:
Clauses 8.1, 8.7, 15, 19, 20, 21, and 22 survive the expiry or termination of these Terms.
22.6. Breach by You:
If You:
- breach any of these Terms (including, without limitation, by non-payment of any Subscription Fees) and do not remedy the breach within 14 days after receiving notice of the breach if the breach is capable of being remedied;
- breach any of these Terms and the breach is not capable of being remedied or any payment of Subscription Fees that are more than 30 days overdue); or
- You or Your business become insolvent or Your business goes into liquidation or has a receiver or manager appointed of any of its assets or if You become insolvent, or make any arrangement with Your creditors, or become subject to any similar insolvency event in any jurisdiction,
MRI may take any or all of the following actions, at its sole discretion:
- Terminate this Agreement and Your use of the Services and the Site;
- Suspend for any definite or indefinite period of time, Your use of the Services and the Site;
- Suspend or terminate access to all or any Data.
- Take either of the actions in sub-clauses (1), (2) and (3) of this clause 22.6 in respect of any or all other persons whom You have authorised to have access to Your information or Data.
- For the avoidance of doubt, if payment of any invoice for Subscription Fees due in relation to any of Your Billing Contacts, Subscriptions or any of Your Locations (as defined in clause 8) is not made in full by the relevant due date, MRI may: suspend or terminate Your use of the Service, the authority for all or any of Your Locations to use the Service, or Your rights of access to all or any Data.
22.7. Expiry or termination:
Clauses 8.1, 8.7, 15, 19, 20, 21, and 22 survive the expiry or termination of these Terms.
23. General
23.1. Entire agreement:
These Terms, together with the MRI Privacy Policy and the Terms of any other notices or instructions given to You under these Terms of Use, supersede and extinguish all prior agreements, representations (whether oral or written), and understandings and constitute the entire agreement between You and MRI relating to the Services and the other matters dealt with in these Terms.
23.2. Waiver:
If either party waives any breach of these Terms, this will not constitute a waiver of any other breach. No waiver will be effective unless made in writing.
23.3. Delays:
Neither party will be liable for any delay or failure in performance of its obligations under these Terms if the delay or failure is due to any cause outside its reasonable control. This clause does not apply to any obligation to pay money.
23.4. No Assignment:
Neither party may assign any of its rights or obligations hereunder, whether by operation of law or otherwise, without the other party’s prior written consent (not to be unreasonably withheld); provided, however, either party may assign this Agreement in its entirety, without the other party’s consent to its Affiliate or in connection with a merger, acquisition, corporate reorganisation, or sale of all or substantially all of its assets. Notwithstanding the foregoing, if a party is acquired by, sells substantially all of its assets to, or undergoes a change of control in favor of, a direct competitor of the other party, then such other party may terminate this Agreement upon written notice. In the event of such a termination, We will refund to You any prepaid Subscription Fees allocable to the remainder of Your Subscription Term for the period after the effective date of such termination.
23.5. Governing law and jurisdiction:
23.5.1. If the information or Data You are accessing using the Services and the Site is solely that of a person who is a tax resident in New Zealand at the time that You accept these Terms then New Zealand law governs this Agreement and You submit to the exclusive jurisdiction of the courts of New Zealand for all disputes arising out of or in connection with this Agreement.
23.5.2. If the information or Data You are accessing using the Services and the Site is solely that of a person who is a tax resident in Australia at the time that You accept these Terms then Australian law governs this Agreement and You submit to the exclusive jurisdiction of the courts of Australia for all disputes arising out of or in connection with this Agreement.
23.5.3. If the information or Data You are accessing using the Services and the Site is solely that of a person who is a tax resident in the United States of America at the time that You accept these Terms then the State of California law govern this Agreement and You submit to the exclusive jurisdiction of the state courts of San Francisco County, California or federal court for the Northern District of California for all disputes arising out of or in connection with this Agreement.
23.5.4. In all other situations this Agreement is governed by the laws of New Zealand and You hereby submit to the exclusive jurisdiction of the courts of New Zealand for all disputes arising out of or in connection with this Agreement.
23.5.5. Notwithstanding the above, you agree that MRI shall still be allowed to apply for injunctive remedies (or an equivalent type of urgent legal relief) in any jurisdiction.
23.5.6. Arbitration Option
- For any claim (excluding claims for injunctive or other equitable relief) where the total amount of the award sought is less than $10,000, the party requesting relief may elect to resolve the dispute in a cost effective manner through binding non-appearance-based arbitration. In the event a party elects arbitration, they shall initiate such arbitration through an established alternative dispute resolution (“ADR”) provider mutually agreed upon by the parties.
- The ADR provider and the parties must comply with the following rules: (a) the arbitration shall be conducted by telephone, online and/or be solely based on written submissions, the specific manner shall be chosen by the party initiating the arbitration; (b) the arbitration shall not involve any personal appearance by the parties or witnesses unless otherwise mutually agreed by the parties; and (c) any judgment on the award rendered by the arbitrator shall be final and may be entered in any court of competent jurisdiction.
23.6. Federal Government End Use Provisions
23.6.1. If You are a U.S. federal government department or agency or contracting on behalf of such department or agency, each of the Services is a “Commercial Item” as that term is defined at 48 C.F.R. 2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation”, as those terms are used in 48 C.F.R. 12.212 or 48 C.F.R. 227.7202. Consistent with 48 C.F.R. 12.212 or 48 C.F.R. 227.7202-1 through 227.7202-4, as applicable, the Services are licensed to You with only those rights as provided under the terms and conditions of this Agreement.
23.7. Anti-Corruption
23.7.1. You agree that You have not received or been offered any illegal or improper bribe, kickback, payment, gift, or thing of value from any of Our employees or agents in connection with this Agreement. Reasonable gifts and entertainment provided in the ordinary course of business do not violate the above restriction. If You learn of any violation of the above restriction, You will use reasonable efforts to promptly notify Our Legal Department at legal@mrisoftware.com.
23.8. Severability:
If any part or provision of these Terms is invalid, unenforceable or in conflict with the law, that part or provision is replaced with a provision which, as far as possible, accomplishes the original purpose of that part or provision. The remainder of this Agreement will be binding on the parties.
23.9. Notices:
Any notice given under these Terms by either party to the other must be in writing by email and will be deemed to have been given on transmission. Notices to MRI must be sent to support@whosonlocation.com or to any other email address notified by email to You by MRI. Notices to You will be sent to the email address which You provided when setting up Your access to the Service or have subsequently updated via the Service.
23.10. Rights of Third Parties:
A person who is not a party to these Terms has no right to benefit under or to enforce any term of these Terms.
Contact for Questions about these Terms of Use:
If you have any questions about the Terms of Use, the practices of this Website Service, or your dealings with us, you may contact us by sending an email to:
Email at support@whosonlocation.com or by writing to:
Attn: Terms of Use Issues
MRI OnLocation Customer Services
MRI New Zealand Holdings Limited
P.O. Box 27023
Marion Square, Wellington, New Zealand 6040
Last Updated on: 1 February 2023 (GMT).
You can download the Master Subscription Agreement here.
Schedule 1 – Data Processing Agreement
This Schedule applies to Customer Personal Data that we process in the course of providing You the services under the Agreement.
The scope and duration, as well as the extent and nature of the collection, processing and use of Customer Personal Data under this Schedule shall be as defined in the Agreement and otherwise in our Privacy Policy.
1. Definitions
1.1. Definitions
Unless the context otherwise requires or as otherwise set out in the Agreement:
“Customer Personal Data”
means any Personal Data provided by You and/or processed by us under Your instructions.
“Personal Data”
means any information relating to an identifiable data subject.
“Personal Data Breach”
means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
“Privacy Laws”
means any applicable laws and/or regulations (including the GDPR) that relate to the security and protection of Personal Data.
“Regulatory Bodies”
means those government departments and regulatory, statutory and other bodies, entities and committees which, whether under statute, rule, regulation, code of practice or otherwise, are entitled to regulate, investigate or influence the matters relating to the security of data, Personal Data and privacy protection.
“Third Country”
means a country or territory which is not a Member State of the European Union or EEA.
1.2. Interpretation:
1.2.1. References to “identifiable”, “data processor”, “data controller”, “data subject”, “process” and “processing” shall have the same meanings ascribed to them by GDPR.
1.2.2. Clause headings are inserted for ease of reference only and do not affect the construction of this Schedule.
2. Data Controller and Processor
2.1. Roles
You acknowledge that, in the context of the Agreement and this Schedule, and for the purposes of the Privacy Laws, You are the data controller and we are the data processor. We undertake to duly fulfil the obligations set out in this Schedule.
2.2. Your Obligations
2.2.1. You are responsible for data controller obligations under the applicable Privacy Laws, including providing any required notices and obtaining any required consents, and for the processing instructions you give us.
2.2.2. You warrant that no contractual confidentiality obligations prohibit the processing of Customer Personal Data as described in this Schedule and in the Agreement.
2.2.3. You warrant that the production, collection, processing of Customer Personal Data has been and will continue to be carried out in accordance with the applicable Privacy Laws.
3. Terms and Conditions
We shall ensure that all Customer Personal Data is processed:
3.1.1. on your behalf in accordance with the Agreement, this Schedule and Your written instructions from time to time;
3.1.2. in compliance with the applicable Privacy Laws.
We shall immediately notify You if any instruction provided by you is in breach of any applicable Privacy Laws.
Both parties shall ensure that its employees are subject to a duty of confidentiality as it relates to the Personal Data in accordance with Section 15 (Confidentiality and Privacy) of the Master Subscription Agreement.
3.2. Principle of Processing
Personal Data shall be processed under the general principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality, and accountability. We shall process Personal Data at all times in accordance with the Agreement. We shall provide no less than the level of privacy protection as required by the applicable Privacy Laws.
Further, as data processor, we will only act upon and process the Customer’s Personal Data for the purposes of performing its obligations under the Agreement or as outlined in our Privacy Policy, subject to the Processing Instructions. Customer may, and we shall provide reasonable assistance to, take reasonable steps to stop or remediate unauthorized processing of Personal Data. Our Privacy Policy may be found at https://www.mrisoftware.com/ie/privacy-policy, and may be updated from time to time by us. Client’s instruction to cease Processing Customer Personal Data shall not alleviate Customer’s obligations under the Agreement, including without limitation, its payment obligations.
3.3. Cooperation Obligations:
We shall provide you with all information necessary to demonstrate compliance with applicable Privacy Laws and assist and support you:
3.3.1. in the event of an investigation or other control measures or any other measure by any Regulatory Body, to the extent that such investigation relates to Customer Personal Data;
3.3.2. in the event of the exercise of liability claims by data subjects or a third party related to the processing in scope of this Schedule;
3.3.3. in complying with the rights of data subjects, including the right to obtain a transparent information and communication, the right to access, rectify, and erase their Personal Data, restrict, or object to, the processing of their Personal Data, exercise their right to data portability;
3.3.4. in notifying and obtaining approvals from Regulatory Body where required;
3.3.5. in performing data protection impact assessments;
3.3.6. in consulting with Regulatory Bodies.
3.4. Data Breach:
If we become aware of a Personal Data Breach, we will notify you and take reasonable and appropriate steps as set out in the Security Incident Notification section of the Agreement. In addition, to the extent that such information is available, we shall summarise in reasonable detail the impact of such Personal Data Breach, including describing:
3.4.1. the nature of the Personal Data Breach;
3.4.2. the categories and numbers of data subjects concerned;
3.4.3. the categories and numbers of Personal Data records concerned;
3.4.4. the estimated risk and the likely consequences of the Personal Data Breach; and
3.4.5. the measures taken or proposed to be taken to address the Personal Data Breach.
3.5. Data Subject Rights:
We will promptly inform You of our receipt of any inquiry or request from a data subject with respect to Customer Personal Data processed by us. Except were we are obliged to under any applicable laws, we shall not respond to any such request unless You expressly authorise us.
3.6. Data Protection and Security (Technical and Organisational):
Within our Agreement and Privacy Policy, we will maintain an up-to-date list of technical and organisational measures to protect Customer Personal Data from unauthorised processing that will meet the requirements of the applicable Privacy Laws.
3.7. Cross-Border Transfers:
3.7.1. Any transfer of Customer Personal Data to a Third Country will be performed as required by applicable Privacy Laws and with adequate security measures. Our server regions are noted on our website. In particular, transfers can be performed if we:
- have given You notice (including by updating the list of data locations on our website or by dashboard notification) containing the details of the new locations; and
- You do not express your disagreement within thirty (30) days from the receipt of the notice.
3.7.2. In the case of disagreement, the parties shall collaborate to find a reasonable solution. In the event that the parties do not reach a mutually acceptable position in relation to the proposed changes, We shall, in Our sole discretion, be entitled to terminate the Agreement immediately on giving written notice to You.
3.7.3. Where Customer Personal Data is transferred from a Member State of the European Union to a Third Country which does not ensure an adequate level of data protection, the Standard Contractual Clauses shall apply with the following amendments:
- Only the provisions relating to EU Standard Contractual Clauses (Module 2: Controller-to-Processor) apply to such transfer, and the provisions relating only to Modules 1, 3 and 4 are deleted and shall not apply;
- In respect of Clause 9 (sub-processors), Option 2, general written authorisation applies, and the minimum time period for the Data Importer to specifically inform the Data Exporter in writing of any intended changes to that list in accordance with Clause 9 shall be: one (1) business day via posting here. Customer may subscribe for updates to the list available here;
- In respect of Clause 17 (governing law), Option 2 shall apply and consequently the Member State governing law shall be the law of the EU Member State in which the Data Exporter is established. Where such law does not allow for third-party beneficiary rights, the Clauses shall be governed by the law of another EU Member State that does allow for third-party beneficiary rights. The parties agree that this law shall be the laws of Ireland; and
- In respect of Clause 18 (choice of forum and jurisdiction), the relevant courts shall be the courts of Ireland.
3.8. Subcontractors:
You give us general written consent for us to authorise subcontractors to process Customer Personal Data subject to the following conditions:
3.8.1. we must maintain an up-to-date list of the names and locations of all subcontractors, and shall make this list reasonably available to You. Customer may subscribe for updates to the list available here;
3.8.2. we will provide You with prior notice of the engagement of any new subcontractors (including via a dashboard notification);
3.8.3. You have thirty (30) days from receiving such notice to object to any changes to subcontractors (acting reasonably); and
3.8.4. the contract entered into between us and a subcontractor is on terms which are substantially the same as those set out in this Schedule.
3.9. Return/Destruction of Customer Personal Data:
At the earlier of:
3.9.1. termination or expiration of the Agreement; or
3.9.2. when requested to do so by You,
we shall hand over to You and/or erase or destroy Customer Personal Data as required by You.
3.10. Verification:
We will make available to You all information necessary to demonstrate compliance with the obligations under this Schedule and applicable Privacy Laws, and allow for and contribute to inspections and audits conducted in a reasonable manner by You or your representatives.
3.11. Communication:
Any notice, objection or other communication to be given to us under this Schedule shall be in served on our Data Protection Officer, as set out in our Privacy Policy from time-to-time.
3.12. Term:
This Schedule takes effect from the time that You first access our services, and remains effective during the term of the Agreement.
4. Additional Terms.
Notwithstanding anything to the contrary in this Agreement, the following clause shall apply for Customers processing Personal Data of data subjects located in states where such additional clauses are required under the applicable Privacy Laws:
4.1 We shall not:
4.1.1. “Sell” or “Share” Personal Data as those terms are defined under Privacy Laws;
4.1.2. retain, use, disclose, or otherwise process Personal Data except as necessary for the business purposes specified in the Agreement or this Schedule;
4.1.3. retain, use, disclose, or otherwise process Personal Data in any manner outside of the direct business relationship between Customer and us except as necessary for the business purposes specified in the Agreement or this Schedule; or
4.1.4. combine any Personal Data with Personal Data that we receive from or on behalf of any other third party or collects from our own interactions with data subjects, provided that we may so combine Personal Data for a purpose permitted under Privacy Laws if directed to do so by Customer or as otherwise expressly permitted by the Privacy Laws.
4.2 We shall:
4.2.1. notify Customer if we become aware that it is no longer able to meet its obligations under applicable Privacy Laws; and
4.2.2. take reasonable and appropriate steps to help ensure that Personal Data use is consistent with Customer’s obligations under applicable Privacy Laws.
5. Agreement
5.1. Agreement:
This Schedule is supplemental to the Agreement, and other than as stated by this Schedule, the Agreement remains in full force and effect.
5.2. Priority:
In the event of any conflict between the terms of the Agreement and this Schedule, the terms in this Schedule shall prevail (to the extent of any such inconsistency).
